Look at the physical systems that make up internet infrastructure, and you find a network that is a lot more centralized than you might think.

In January 2011, protests broke out across Egypt to demand an end to the despotic and repressive regime of Hosni Mubarak. The protests were largely organized online, through social networks like Twitter and Facebook. Mubarak quickly realized this, and launched a counterattack: He severed all access to the internet from within Egypt.

Dyn Research, a internet performance company that analyzes how the internet performs, noted that Egypt’s Arab Spring shutdown started with just a couple phone calls from the government:

The prior day [before the internet shutdown], we had received a tip from an Egyptian telecom engineer that the government was warning some telecoms that they should be prepared to act quickly if the government ordered the shutdown of internet services. Just after midnight local time in Egypt, that order came and nearly all Egyptian access to the global internet was down in a matter of minutes.

This is what the Egyptian internet looked like after those phone calls.

Subscribe

Receive daily email updates:

Subscribe to the Defense One daily.

Be the first to receive updates.

Mubarak’s successful internet shutdown reveals the way we understand the internet is something of a paradox: On one hand, it looks like decentralized anarchy, a place where anyone can create and share information, and where these data make their way seamlessly from one user to another. But if that were the case, how could a country so easily turn off the entire internet overnight?

When you look at the physical systems that make up internet infrastructure, you find a network that is a lot more centralized than you might think. Users may access the internet through any number of networks, usually controlled by Internet Service Providers (ISPs), universities, or businesses. But on their way from point A to point B, they almost always have to stop at centrally located routing systems that handle huge amounts of traffic.

It is at these internet choke points that data become centralized, even if it is just passing through. The existence of these central servers is good news for the likes of Mubarak, by making it trivial to censor, spy on, or shut down the internet. In a more open ecosystem, no single entity—governmental, corporate, or otherwise—has access to enough of the traffic being sent along to exercise its will over the internet. And if the ecosystem is competitive, internet users can choose to abandon a provider that is known to be spying or censoring.

But we know that many countries are not open. Egypt in 2011 is a clear example. China, Iran, and others are known to regularly censor content and cut off sections of the internet. This is because, when the physical routes traffic takes are severely limited, it endangers the free flow of information the internet was supposed to provide.

Researchers at Harvard attempted to identify these choke points, and determine how easily a given country could control its internet. Theirresearch, published in 2011, analyzed data collected by the Center for Applied Internet Data Analysis on trace routes—actual paths taken by data transferred across the web. The resulting data come with some caveats: the particulars are a few years out of date, though they make up the most recent comprehensive, country-by-country analysis. Also, because there is no single source of data on internet routes, the methods they used to identify paths only produce an approximation of what the actual internet looks like. Still, this research provides a useful way of seeing how internet control works.

Arab spring: Egypt 2011

Let’s revisit the Arab Spring shutdown of 2011. The Harvard researchers identified three “points of control” for Egypt. They define these as the minimum number of points that together account for at least 90% of Egypt’s IP addresses, the unique numbers assigned to each device on the internet. Nearly all the paths data can take to get into or out of the country go through these three points. Each of these points represents an “Autonomous System,” or AS, each of which is responsible for sending data along to either another AS or, eventually, an end user.

If you live in Egypt, your home internet might connect via a local ISP like Yalla Online. But in order to access some part of the internet outside the country—like Facebook or Twitter—Yalla’s connection needs to first pass through a major AS, in this case one controlled by LinkDotNet, a larger ISP. The same happens for various other ISPs, businesses, or other networks, making LinkDotNet’s AS a gatekeeper between the internet inside and outside Egypt.

The largest AS shown here belongs to the Egyptian offshoot of Etisalat, a large telecom operator based in the United Arab Emirates. According to the researchers’ data, over 58% of Egypt’s IP addresses pass through the Etisalat AS. Again, this figure is just an approximation, but it shows the outsized influence of this point in Egypt’s network.

So to cut off nearly all of his citizens from Facebook, Twitter, and other sites, Mubarak only had to sever the global connections of these few AS’s.

China’s choke points

Egypt is not the only country with just a few choke points. Another is China, notorious for censorship and surveillance of the internet. China has had its share of blackouts, too: ethnic rioting in western China caused the government to completely cut off internet to the western region of Xinjiang for 10 whole months. The research estimates that nearly 75% of Chinese IP addresses go through AS number 4134, Chinanet-Backbone, the world’s 15th-largest AS in terms of the number of IPs it serves.

Chinanet-Backbone is known to be a point at which China performs filtering, preventing certain kinds of information from entering or leaving the country. A 2011 paper (pdf) from researchers at the University of Michigan found that, of all the AS networks in the country, the Chinanet AS, and those of its branch companies across China, were responsible for more filtering than any others. (China’s large internal Internet Exchange Points, or IXPs, are also believed to be major points of filtering and censorship, but don’t appear in most data looking at internet traffic because they normally appear as a direct transfer from one AS to another.)

“Resistant” countries

Centralization is not the default for a country’s internet systems, though. Dyn Research used the AS data it collected independently to assess how difficult it would be to disconnect a given country from the internet. It divided countries into four categories: “Severe risk” of internet disconnection, “significant risk,” “low risk,” and “resistant.” This is what the networks of six “resistant” countries look like, according to the Harvard research:

These countries have several things in common: they are all democracies, so it would be harder for their heads of state to get Mubarak-levels of authority to shut down the entire internet. (The researchers chose not to analyze the United States because that country has a very high number of IP addresses not allocated to actual internet users, making data on the importance of an AS unreliable.) But even if the Singaporean or Canadian president got approval to do so, there are many more opportunities for companies or organizations that provide access to the internet outside the country to refuse the order or find ways around it.

The “resistant” countries also have relatively vibrant and competitive economies. This ensures that no single, monopolistic ISP becomes large enough to be a single access point to the outside. A country for which this seems to be the case is South Korea, which Dyn categorized as “low risk” rather than “resistant.” The Harvard data show South Korea’s internet to be heavily centralized, even though the country is ardently democratic. The largest AS there belongs to Korea Telecom—one of the largest of the country’s massive pseudo-monopolies known as chaebol—which serves over 40% of Korean broadband subscribers.

Russia’s radical decentralization

There is a final structure a country’s internet can take: a radically decentralized one. This is the case with Russia, which, given its president’s authoritarian tendencies, may surprise you.

The best explanation for this is cybercrime. A 2007 study of the Russian Business Network, a massive cybercrime operation based in St. Petersburg, creates “a nebulous network to blur the understanding of their activities.” By creating intentionally complex systems, cybercriminals can both hide their tracks and make their systems very difficult to shut down from the outside. The trade-off with such a system is that Russia loses some ability to track and censor its networks. So while Russia may be consider a larger threat to the US than China when it comes to cybercrime, Russia has at the same time been soliciting China for advice on how to structure its internet.

The shape of a national internet system reflects a country’s values, much like its economic policies or laws. Should the power of the internet be distributed across the country, or a tool a government or company can use to its advantage? Mubarak chose the latter, angering his citizens enough to get him thrown into prison. China’s internet czars choose the same, allowing local internet companies to flourish, but severely restricting the information available to people in the country.

It’s easy to think of our relationship to the internet as primarily about the software that connects us to it, like apps and web browsers. The great thing about software is that it is easy to change. If a browser has a bug, it can be fixed overnight. If an app starts asking for access to too much of your data, you can uninstall it.

But underneath all internet software is physical hardware. Once in place, this infrastructure establishes how users access information, and who gets to see that information. This physical internet is being shaped by a battle between two diverging trends: Governments and companies that want more control over data, and the flattening of internet infrastructure. China has been a loud advocate of”internet sovereignty,” the idea that each country should be able to essentially exist entirely on its own network. Huge ISPs like Comcast and Verizon have been accused of treating their own services differently, leveraging the massive networks they control. Centralization of the internet allows the likes of the National Security Agency to spy on traffic by getting large companies to agree, as happened with AT&T.

A decentralized internet, meanwhile, means that no one entity has the power to shape the internet toward its own advantage. It makes censorship, surveillance, and internet shutdowns much more difficult. It makes the internet ecosystem more competitive, and it likely makes the internet faster, allowing connections to take the best route instead of the only route.

As more and more of what we do every day happens online, the way this battle plays out will determine how easy it is for governments and companies to shape our lives.

By using this service you agree not to post material that is obscene, harassing, defamatory, or
otherwise objectionable. Although Defenseone.com does not monitor comments posted to this site (and
has no obligation to), it reserves the right to delete, edit, or move any material that it deems
to be in violation of this rule.